Deps updates

DEPENDENCIES.json

@@ -21,8 +21,8 @@
     "libnpmversion"
   ],
   [
-    "@npmcli/run-script",
     "@npmcli/map-workspaces",
+    "@npmcli/run-script",
     "libnpmaccess",
     "libnpmorg",
     "libnpmpublish",
@@ -41,25 +41,25 @@
   ],
   [
     "@npmcli/smoke-tests",
-    "npm-pick-manifest",
     "@npmcli/installed-package-contents",
+    "npm-pick-manifest",
     "cacache",
     "promzard"
   ],
   [
     "@npmcli/docs",
-    "npm-package-arg",
+    "@npmcli/fs",
+    "npm-bundled",
     "@npmcli/promise-spawn",
     "npm-install-checks",
-    "npm-bundled",
-    "@npmcli/fs",
+    "npm-package-arg",
     "unique-filename",
     "npm-packlist",
-    "@npmcli/mock-globals",
     "bin-links",
     "nopt",
     "parse-conflict-json",
     "read-package-json-fast",
+    "@npmcli/mock-globals",
     "read",
     "normalize-package-data"
   ],
@@ -68,20 +68,20 @@
     "@npmcli/template-oss",
     "ignore-walk",
     "semver",
+    "npm-normalize-package-bin",
+    "@npmcli/name-from-folder",
+    "which",
+    "ini",
     "hosted-git-info",
     "proc-log",
     "validate-npm-package-name",
-    "which",
-    "ini",
-    "npm-normalize-package-bin",
     "json-parse-even-better-errors",
-    "@npmcli/node-gyp",
     "ssri",
     "unique-slug",
+    "@npmcli/node-gyp",
     "@npmcli/redact",
     "@npmcli/agent",
     "minipass-fetch",
-    "@npmcli/name-from-folder",
     "@npmcli/query",
     "cmd-shim",
     "read-cmd-shim",

DEPENDENCIES.md

@@ -781,9 +781,9 @@ packages higher up the chain.
  - @npmcli/arborist
  - @npmcli/metavuln-calculator
  - pacote, @npmcli/config, libnpmversion
- - @npmcli/run-script, @npmcli/map-workspaces, libnpmaccess, libnpmorg, libnpmpublish, libnpmsearch, libnpmteam, init-package-json, npm-profile
+ - @npmcli/map-workspaces, @npmcli/run-script, libnpmaccess, libnpmorg, libnpmpublish, libnpmsearch, libnpmteam, init-package-json, npm-profile
  - @npmcli/package-json, npm-registry-fetch
  - @npmcli/git, make-fetch-happen
- - @npmcli/smoke-tests, npm-pick-manifest, @npmcli/installed-package-contents, cacache, promzard
- - @npmcli/docs, npm-package-arg, @npmcli/promise-spawn, npm-install-checks, npm-bundled, @npmcli/fs, unique-filename, npm-packlist, @npmcli/mock-globals, bin-links, nopt, parse-conflict-json, read-package-json-fast, read, normalize-package-data
- - @npmcli/eslint-config, @npmcli/template-oss, ignore-walk, semver, hosted-git-info, proc-log, validate-npm-package-name, which, ini, npm-normalize-package-bin, json-parse-even-better-errors, @npmcli/node-gyp, ssri, unique-slug, @npmcli/redact, @npmcli/agent, minipass-fetch, @npmcli/name-from-folder, @npmcli/query, cmd-shim, read-cmd-shim, write-file-atomic, abbrev, proggy, minify-registry-metadata, mute-stream, npm-audit-report, npm-user-validate
+ - @npmcli/smoke-tests, @npmcli/installed-package-contents, npm-pick-manifest, cacache, promzard
+ - @npmcli/docs, @npmcli/fs, npm-bundled, @npmcli/promise-spawn, npm-install-checks, npm-package-arg, unique-filename, npm-packlist, bin-links, nopt, parse-conflict-json, read-package-json-fast, @npmcli/mock-globals, read, normalize-package-data
+ - @npmcli/eslint-config, @npmcli/template-oss, ignore-walk, semver, npm-normalize-package-bin, @npmcli/name-from-folder, which, ini, hosted-git-info, proc-log, validate-npm-package-name, json-parse-even-better-errors, ssri, unique-slug, @npmcli/node-gyp, @npmcli/redact, @npmcli/agent, minipass-fetch, @npmcli/query, cmd-shim, read-cmd-shim, write-file-atomic, abbrev, proggy, minify-registry-metadata, mute-stream, npm-audit-report, npm-user-validate

mock-registry/package.json

@@ -46,7 +46,7 @@
     ]
   },
   "devDependencies": {
-    "@npmcli/arborist": "^8.0.0",
+    "@npmcli/arborist": "^9.0.0",
     "@npmcli/eslint-config": "^5.0.1",
     "@npmcli/template-oss": "4.24.4",
     "json-stringify-safe": "^5.0.1",

node_modules/@npmcli/metavuln-calculator/lib/advisory.js

@@ -292,7 +292,7 @@ class Advisory {
 
   [_testSpec] (spec) {
     for (const v of this.versions) {
-      const satisfies = semver.satisfies(v, spec)
+      const satisfies = semver.satisfies(v, spec, semverOpt)
       if (!satisfies) {
         continue
       }

node_modules/@npmcli/metavuln-calculator/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/metavuln-calculator",
-  "version": "9.0.0",
+  "version": "9.0.1",
   "main": "lib/index.js",
   "files": [
     "bin/",
@@ -34,7 +34,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.23.4",
+    "@npmcli/template-oss": "4.25.0",
     "require-inject": "^1.4.4",
     "tap": "^16.0.1"
   },
@@ -50,7 +50,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.23.4",
+    "version": "4.25.0",
     "publish": "true",
     "ciVersions": [
       "16.14.0",

node_modules/agent-base/dist/index.js

@@ -111,9 +111,7 @@ class Agent extends http.Agent {
     // In order to properly update the socket pool, we need to call `getName()` on
     // the core `https.Agent` if it is a secureEndpoint.
     getName(options) {
-        const secureEndpoint = typeof options.secureEndpoint === 'boolean'
-            ? options.secureEndpoint
-            : this.isSecureEndpoint(options);
+        const secureEndpoint = this.isSecureEndpoint(options);
         if (secureEndpoint) {
             // @ts-expect-error `getName()` isn't defined in `@types/node`
             return https_1.Agent.prototype.getName.call(this, options);

node_modules/agent-base/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agent-base",
-  "version": "7.1.3",
+  "version": "7.1.4",
   "description": "Turn a function into an `http.Agent` instance",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

node_modules/aproba/index.js

@@ -97,7 +97,7 @@ function moreThanOneError (schema) {
 }
 
 function newException (code, msg) {
-  const err = new Error(msg)
+  const err = new TypeError(msg)
   err.code = code
   /* istanbul ignore else */
   if (Error.captureStackTrace) Error.captureStackTrace(err, validate)

node_modules/aproba/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aproba",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "A ridiculously light-weight argument validator (now browser friendly)",
   "main": "index.js",
   "directories": {

node_modules/ci-info/index.js

@@ -36,7 +36,7 @@ exports.isCI = !!(
   env.CI !== 'false' && // Bypass all checks if CI env is explicitly set to 'false'
   (env.BUILD_ID || // Jenkins, Cloudbees
     env.BUILD_NUMBER || // Jenkins, TeamCity
-    env.CI || // Travis CI, CircleCI, Cirrus CI, Gitlab CI, Appveyor, CodeShip, dsari, Cloudflare Pages
+    env.CI || // Travis CI, CircleCI, Cirrus CI, Gitlab CI, Appveyor, CodeShip, dsari, Cloudflare Pages/Workers
     env.CI_APP_ID || // Appflow
     env.CI_BUILD_ID || // Appflow
     env.CI_BUILD_NUMBER || // Appflow

node_modules/ci-info/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ci-info",
-  "version": "4.2.0",
+  "version": "4.3.0",
   "description": "Get details about the current Continuous Integration environment",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -36,14 +36,15 @@
     "CHANGELOG.md"
   ],
   "scripts": {
+    "build": "node sort-vendors.js && node create-typings.js",
     "lint:fix": "standard --fix",
     "test": "standard && node test.js",
     "prepare": "husky install || true"
   },
   "devDependencies": {
     "clear-module": "^4.1.2",
     "husky": "^9.1.7",
-    "publint": "^0.3.8",
+    "publint": "^0.3.12",
     "standard": "^17.1.2",
     "tape": "^5.9.0"
   },

node_modules/ci-info/vendors.json

@@ -90,6 +90,11 @@
     "constant": "CLOUDFLARE_PAGES",
     "env": "CF_PAGES"
   },
+  {
+    "name": "Cloudflare Workers",
+    "constant": "CLOUDFLARE_WORKERS",
+    "env": "WORKERS_CI"
+  },
   {
     "name": "Codefresh",
     "constant": "CODEFRESH",

node_modules/normalize-package-data/lib/fixer.js

@@ -1,11 +1,11 @@
+var { URL } = require('node:url')
 var isValidSemver = require('semver/functions/valid')
 var cleanSemver = require('semver/functions/clean')
 var validateLicense = require('validate-npm-package-license')
 var hostedGitInfo = require('hosted-git-info')
-var moduleBuiltin = require('node:module')
+var { isBuiltin } = require('node:module')
 var depTypes = ['dependencies', 'devDependencies', 'optionalDependencies']
 var extractDescription = require('./extract_description')
-var url = require('url')
 var typos = require('./typos.json')
 
 var isEmail = str => str.includes('@') && (str.indexOf('@') < str.lastIndexOf('.'))
@@ -231,7 +231,7 @@ module.exports = {
       data.name = data.name.trim()
     }
     ensureValidName(data.name, strict, options.allowLegacyCase)
-    if (moduleBuiltin.builtinModules.includes(data.name)) {
+    if (isBuiltin(data.name)) {
       this.warn('conflictingName', data.name)
     }
   },
@@ -269,8 +269,7 @@ module.exports = {
       if (typeof data.bugs === 'string') {
         if (isEmail(data.bugs)) {
           data.bugs = { email: data.bugs }
-        /* eslint-disable-next-line node/no-deprecated-api */
-        } else if (url.parse(data.bugs).protocol) {
+        } else if (URL.canParse(data.bugs)) {
           data.bugs = { url: data.bugs }
         } else {
           this.warn('nonEmailUrlBugsString')
@@ -280,8 +279,7 @@ module.exports = {
         var oldBugs = data.bugs
         data.bugs = {}
         if (oldBugs.url) {
-          /* eslint-disable-next-line node/no-deprecated-api */
-          if (typeof (oldBugs.url) === 'string' && url.parse(oldBugs.url).protocol) {
+          if (URL.canParse(oldBugs.url)) {
             data.bugs.url = oldBugs.url
           } else {
             this.warn('nonUrlBugsUrlField')
@@ -317,8 +315,7 @@ module.exports = {
       this.warn('nonUrlHomepage')
       return delete data.homepage
     }
-    /* eslint-disable-next-line node/no-deprecated-api */
-    if (!url.parse(data.homepage).protocol) {
+    if (!URL.canParse(data.homepage)) {
       data.homepage = 'http://' + data.homepage
     }
   },

node_modules/normalize-package-data/package.json

@@ -1,6 +1,6 @@
 {
   "name": "normalize-package-data",
-  "version": "7.0.0",
+  "version": "7.0.1",
   "author": "GitHub Inc.",
   "description": "Normalizes data that can be found in package.json files.",
   "license": "BSD-2-Clause",
@@ -28,7 +28,7 @@
   },
   "devDependencies": {
     "@npmcli/eslint-config": "^5.0.0",
-    "@npmcli/template-oss": "4.23.3",
+    "@npmcli/template-oss": "4.25.0",
     "tap": "^16.0.1"
   },
   "files": [
@@ -40,7 +40,7 @@
   },
   "templateOSS": {
     "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
-    "version": "4.23.3",
+    "version": "4.25.0",
     "publish": "true"
   },
   "tap": {

node_modules/socks/build/common/helpers.js

@@ -104,6 +104,7 @@ function validateCustomProxyAuth(proxy, options) {
 function isValidSocksRemoteHost(remoteHost) {
     return (remoteHost &&
         typeof remoteHost.host === 'string' &&
+        Buffer.byteLength(remoteHost.host) < 256 &&
         typeof remoteHost.port === 'number' &&
         remoteHost.port >= 0 &&
         remoteHost.port <= 65535);

node_modules/socks/package.json

@@ -1,7 +1,7 @@
 {
   "name": "socks",
   "private": false,
-  "version": "2.8.5",
+  "version": "2.8.6",
   "description": "Fully featured SOCKS proxy client supporting SOCKSv4, SOCKSv4a, and SOCKSv5. Includes Bind and Associate functionality.",
   "main": "build/index.js",
   "typings": "typings/index.d.ts",

node_modules/tinyglobby/node_modules/picomatch/lib/constants.js

@@ -99,6 +99,7 @@ module.exports = {
 
   // Replace globs with equivalent patterns to reduce parsing time.
   REPLACEMENTS: {
+    __proto__: null,
     '***': '*',
     '**/**': '**',
     '**/**/**': '**'

node_modules/tinyglobby/node_modules/picomatch/package.json

@@ -1,7 +1,7 @@
 {
   "name": "picomatch",
   "description": "Blazing fast and accurate glob matcher written in JavaScript, with no dependencies and full support for standard and extended Bash glob features, including braces, extglobs, POSIX brackets, and regular expressions.",
-  "version": "4.0.2",
+  "version": "4.0.3",
   "homepage": "https://github.com/micromatch/picomatch",
   "author": "Jon Schlinkert (https://github.com/jonschlinkert)",
   "funding": "https://github.com/sponsors/jonschlinkert",

node_modules/tuf-js/dist/error.js

@@ -40,6 +40,7 @@ class DownloadLengthMismatchError extends DownloadError {
 exports.DownloadLengthMismatchError = DownloadLengthMismatchError;
 // Returned by FetcherInterface implementations for HTTP errors.
 class DownloadHTTPError extends DownloadError {
+    statusCode;
     constructor(message, statusCode) {
         super(message);
         this.statusCode = statusCode;

node_modules/tuf-js/dist/fetcher.js

@@ -25,16 +25,16 @@ class BaseFetcher {
             // the length of the file as we go
             try {
                 for await (const chunk of reader) {
-                    const bufferChunk = Buffer.from(chunk);
-                    numberOfBytesReceived += bufferChunk.length;
+                    numberOfBytesReceived += chunk.length;
                     if (numberOfBytesReceived > maxLength) {
                         throw new error_1.DownloadLengthMismatchError('Max length reached');
                     }
-                    await writeBufferToStream(fileStream, bufferChunk);
+                    await writeBufferToStream(fileStream, chunk);
                 }
             }
             finally {
                 // Make sure we always close the stream
+                // eslint-disable-next-line @typescript-eslint/unbound-method
                 await util_1.default.promisify(fileStream.close).bind(fileStream)();
             }
             return handler(tmpFile);
@@ -54,6 +54,8 @@ class BaseFetcher {
 }
 exports.BaseFetcher = BaseFetcher;
 class DefaultFetcher extends BaseFetcher {
+    timeout;
+    retry;
     constructor(options = {}) {
         super();
         this.timeout = options.timeout;